
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

Please make a donation so I can keep helping people just like you. Every little bit helps! You can even use your credit card! Thank you!

The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP. The Trojan downloads and executes additional files from a remote site. Configuration files may also be downloaded which define further behaviors.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do.

Thanks,
tea

Not that I don't want to follow the advice of reformatting and reinstalling the OS, but I would like to try to clean it up as much as possible, partially because I'm in the middle of school, and can't afford to not have my programs and documents. Then, if I see I'm still at a major risk, then I'll heed your advice.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.

Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.

On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.

The update will start and a progress bar will show the updates being installed.

Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.

Instead of Windows loading as normal, a menu should appear.

Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders/files (if they exist):

C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB <---this folder
C:\DOCUME~1\ERICOD~1\APPLIC~1\SKIPFI~1 <----this folder. Should be skipfindbike
C:\Program Files\PartyGaming <---this folder

Using Windows Explorer, do a search for and delete CSRCS.EXE, if present.

Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".

AVG Anti-Spyware will now begin the scanning process. Be patient; this may take a little time.

Once the scan is complete do the following:

If you have any infections you will be prompted. Then select the "Apply all actions" button; AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.

Next select the "Save Report" button at the bottom.

Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).

Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply. Please also post a new HijackThis log and let me know how it's running now.

Thanks,
tea

DANG, i was wondering at the time why that one album was being so difficult to import...i didn't know it was gonna cause all this, geez.

well, like you said, it is looking better so far.

I ran that notepad file, and then when i tried to delete those two files (C:\WINDOWS\system32\$sys$filesystem\ and C:\WINDOWS\CDProxyServ.exe) they both said "Cannot delete ____________: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

i don't know if anything's different, so if you even want to see this, but i ran another hijackthis just in case:

o, and also, i meant to ask, when you say "do not play any music CDs", are you saying don't insert any music CDs in the CD drive (or at least any that are on that list), or don't listen to ANYTHING at all, even if its already in my library and the CD's not in? because i know which album it was that did it (acceptance - phantoms)....so should i just not listen to that? should i delete those song files?

i just noticed that in the C:\WINDOWS\system32 folder there are two files with that same "$sys$" prefix: $sys$upgtool and $sys$caj.dll... i didn't know if that was of any relevance, but didn't see it in the HJT log, so i thought i'd bring it up.
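
An added example, not part of the thread and not code from any participant: a read-only check that lists files and folders whose names match the ones mentioned in the posts above (the `$sys$` prefix, CSRCS.EXE, CDProxyServ.exe), and records directories it could not read instead of stopping. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Names taken from the posts above; matching is case-insensitive because
# Windows file names are.
NAME_PREFIXES = ("$sys$",)
EXACT_NAMES = ("csrcs.exe", "cdproxyserv.exe")


def is_flagged(name):
    """True if a file or folder name matches one of the thread's names."""
    lowered = name.lower()
    return lowered.startswith(NAME_PREFIXES) or lowered in EXACT_NAMES


def scan_tree(root):
    """Walk root and return (hits, unreadable).

    hits: sorted full paths of flagged files and folders.
    unreadable: directories that could not be listed (for example
    "Access is denied"), recorded so a gap in coverage is visible.
    """
    hits, unreadable = [], []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, dirnames, filenames in os.walk(root, onerror=on_error):
        for name in dirnames + filenames:
            if is_flagged(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits), unreadable


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "system32")
        os.makedirs(os.path.join(sys32, "$sys$filesystem"))
        for name in ("$sys$caj.dll", "$SYS$upgtool", "notepad.exe"):
            open(os.path.join(sys32, name), "w").close()
        open(os.path.join(root, "CDProxyServ.exe"), "w").close()
        return scan_tree(root)


if __name__ == "__main__":
    for path in demo()[0]:
        print(path)
```

The scan only reports names; it deletes nothing, so its output can be posted alongside the other logs.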